Fortinet security patch release for CVE-2025-64155

Security Patch Release
H score 53
2 unique sources, 2 articles

Summary

Fortinet released security updates for FortiSIEM and FortiFone, closing critical vulnerabilities that could let unauthenticated attackers achieve code execution or expose device configuration on affected systems. The FortiSIEM flaw, CVE-2025-64155, impacts specific Super and Worker nodes and was rated 9.4/10.0. A separate FortiFone issue, CVE-2025-47855, could leak configuration data through a crafted HTTP(S) request. Fortinet also advised customers to upgrade affected releases and, for CVE-2025-64155, restrict access to phMonitor port 7900.

Related Happenings

Ivanti security patch release for CVE-2026-8043

Security Patch Release
First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Linux distros patch release for Fragnasia (CVE-2026-46300)

Security Patch Release
First: 14.05.2026 10:34 Last: 14.05.2026 10:34 Sources 1

About this happening: Linux distros are rolling out **patches** for **CVE-2026-46300**, a high-severity kernel flaw that can let unprivileged local attackers gain **root** on vulnerable Linux systems....

F5 security patch release for CVE-2026-42945

Security Patch Release
First: 14.05.2026 09:00 Last: 14.05.2026 09:00 Sources 1

About this happening: F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...

Latest development: 17.05.2026 14:57

VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open Source, saying honeypot networks saw weaponized crafted HTTP requests that can crash worker processes and, when ASLR is disabled, enable remote code execution.

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Fortinet FortiClient EMS emergency patch release (CVE-2026-35616, CVE-2026-21643)

Security Patch Release
First: 07.04.2026 12:26 Last: 07.04.2026 12:26 Sources 1

About this happening: **Fortinet** released an **emergency hotfix** for **FortiClient Enterprise Management Server (EMS)** after confirming **active exploitation** of **CVE-2026-35616**, a critical fla...

Timeline

  1. 14.01.2026 02:00 3 articles · 4mo ago

    Fortinet releases fixes for FortiSIEM and FortiFone

    Mitigation Patch Update

    Fortinet released updates on January 14, 2026 to fix CVE-2025-64155 in FortiSIEM and CVE-2025-47855 in FortiFone, providing fixed releases for affected versions and recommending that customers restrict access to phMonitor port 7900 while upgrading.

  2. 14.08.2025 03:00 1 article · 9mo ago

    Horizon3.ai reports FortiSIEM CVE-2025-64155

    Initial Disclosure

    Horizon3.ai researcher Zach Hanley reported CVE-2025-64155 in FortiSIEM on August 14, 2025, describing an OS command injection flaw in phMonitor that could let an unauthenticated attacker execute unauthorized code or commands via crafted TCP requests and chain arbitrary file write with privilege escalation on affected Super and Worker nodes.
